Andy_Langton - 10:25 pm on Sep 22, 2012 (gmt 0)
I'm not sure this explains it, unless it is your DNS servers that are poisoned:
the title of the result and the snippet are from the hijacker's site
This means that *Googlebot* were sent to the attacker's site at crawl-time. You can probably check the DNS they will have received using their public DNS (https://developers.google.com/speed/public-dns/docs/using).
Another check would be to use 'fetch as Googlebot' in GWT to see what content they actually receive.