Are you asking about the mechanics of blocking them? Or about deeper issues that involve direct contact with the offending sites?
There are two rules that almost all sites should have. Exact wording depends on your server type-- I assumed Apache, but you don't say --and then your chosen method. Apache, for example, generally does it in mod_rewrite but you could also do it in mod_setenvif.
Essential Rule 1:
UA is "Googlebot" (case-sensitive)
IP is not 66.249 or other legitimate G IPs.
Essential Rule 2:
IP is bing (the are lotsx of them)
UA is not bingbot/msnbot (OR: UA is MSIE-anything)
Some of your offending robots can probably be blocked by IP alone. Others need a UA block. In this case it would be "googlebot". Don't know about IIS, but in Apache I believe everything is case-sensitive by default.
Be careful in wording your rule. "Googlebot" is Capitalized, but www dot google dot com is lower case-- and it's contained within the UA string.