Matt Cutts has explained on his blog, how Google handles hacked sites. Matt cites example of a site talkorigins.org, that got hacked recently. The explanation is a response to the posts: 'Me Against Google' and 'Google De-indexes Talk.Origins, Won’t Say Why '.
According to Matt, Google detected spammy text and porn links on November 27th, 2006. Though google had good reasons to believe that the site was hacked, they had to take some action as it was causing problems for regular users. Google classified the site as hacked and spammy and is not shown for user queries since then. The site was also flagged as penalized in Google's webmaster console. Google emailed multiple addresses at talkorigins.org to let them know exactly what happened. Here's an excerpt from the mail:
"While we were indexing your webpages, we detected that some of your pages were using techniques that were outside our quality guidelines, which can be found here: http://www.google.com/webmasters/guidelines.html. In order to preserve the quality of our search engine, we have temporarily removed some webpages from our search results. Currently pages from talkorigins.org are scheduled to be removed for at least 60 days."
Matt says: "Ultimately, each site owner is responsible for making sure that their site isn’t spammy. If you pick a bad search engine optimizer (SEO) and they make a ton of spammy doorway pages on your domain, Google still needs to
take action. Hacked sites are no different: lots of spammy/hacked sites will try to install malware on users’ computers. If your site is hacked and turns spammy, Google may need to remove your site, but we will also try to alert you via our
webmaster console and even by emailing you to let you know what happened. To the best of my knowledge, no other search engine confirms any penalties to sites, nor do they email site owners."