Actually, I think a larger problem is that many of the spambots spoof as common browsers, so you have to block by IP address or IP ranges. So that blows the original "short .htaccess" requirement right out the window.
Then there is the "blank user-agent" problem. This will either cause problems with users who have products like Norton Internet Security installed, or it will represent a 'hole" in the "security," depending on whether you allow or disallow blank user-agents. So again, you have to fall back to IP control if this is a concern.
I have been experimenting with the idea of a "block unless allowed" .htaccess, and even though it is much shorter than a version that blocks specific bad-bots, it is still about 15kB in size with all the IP stuff in it. And just as things were going well, MSN comes out with a brand-new 'bot that was not "allowed" and it ran smack into a 403-Forbidden. Luckily it came back, but that is the downside of the "allow" method. It is definitely NOT what you'd want for a "set and forget" general-purpose Web site with low maintenance.
So my short answer to the original post would be, "No, there is not a short .htaccess that will do that, assuming you are on the internet and not on a tightly-firewalled-off intranet."
Create an allow list, add some IP blocking, and install key_master's bad-bot trap - for starters.