You still would like to know who is referring you. You can still filter those out one by one but it becomes a tedious war against spammers (very similar to the one on emails before the spam filters era)
If those sites hijacking your code aren't actually linking to you, then the visits that show as referred by them are presumably visits staying on those spam sites. In which case by filtering out those visits, you'll also filter out the referral sources for those visits, no?
(It's been a while since Analytics was anywhere near my personal work, so could be wrong here.)
They're not real visits. They're directly sending requests via the analytics api. The spammers can very easily spoof the domain so it looks like it was a visit to your site, not their domain.
