Andy_Langton - 10:25 pm on Sep 22, 2012 (gmt 0)

I'm not sure this explains it, unless it is your DNS servers that are poisoned:

the title of the result and the snippet are from the hijacker's site

This means that *Googlebot* were sent to the attacker's site at crawl-time. You can probably check the DNS they will have received using their public DNS (https://developers.google.com/speed/public-dns/docs/using).

Another check would be to use 'fetch as Googlebot' in GWT to see what content they actually receive.