I think that a more reasonable explanation could be that the attackers were careless about building the dictionary. If it's built by parsing files and you feed the wrong file or the parser does not work correctly you end up with a dictionary with lots of bogus entries. That seems a simpler explanation than:
"The best guess is that these passwords were collected from an unhashed password database, or from a trojaned SSH server or client."
or
"This might be due to the brute force tool not properly interpreting comments in the dictionary file, or the attacker not understanding the comment notation"
It could be more haste than incompetence. Anyway, if you think about massive brute force attacks like this, they are 'silly' easy no-brain attacks more likely to come from script kiddies who downloaded a tool someone else wrote than real attackers.
"The best guess is that these passwords were collected from an unhashed password database, or from a trojaned SSH server or client."
or
"This might be due to the brute force tool not properly interpreting comments in the dictionary file, or the attacker not understanding the comment notation"