If my server was compromised, wouldn't it affect ALL of my domains and subdomains because it only effected the one I'd just installed the plugin on?
If they're all run under the same account on the same server, the odds are likely that would be yes, but... If you ever manage to fully understand the machinations of hackers and spammers, you are well up on the rest of us.
Now to clarify ... We actually don't know if the WordPress.org site sent you to the scareware site. YOU assume wordpress.org was compromised. I assume your server was compromised. Neither of us know just yet :) Both of us have totally valid reasons for the assumptions.
We know this: You attempted to use the in-app Plugin Installer to install a plugin and, via methods as of yet unknown, you were not directed to the wordpress.org page but instead to a scareware site.
Is that a correct assessment of what happened? (Yes, I know it's simplifying it, but right now, we need to do that a bit.)
My gut tells me that in order for YOU and you alone to be redirected like that (and since no one else has jumped up and said 'me too! THAT plugin!', I'm sorry to say I strongly feel it's JUST you), then something was ALREADY wrong on your server. What was wrong? My candidates in order of likelihood:
1) You had another plugin/theme on that WordPress install that was corrupted.
2) Your install was insecure and a legit (but evil) plugin/theme is using that to leverage the hack
3) Your login ID (SSH/FTP) was compromised
4) Your server has a security hole
What we would need to do, were this MY server, is grab the access logs and error logs and look at what the hell was passed through to my server at that time. A GOOD host will help you. I repeat this because the one time I was hacked - through my own stupidity - my host helped me trace it back to a time-frame on a Friday where I was, indeed, being an idiot (FTP instead of SFTP on a Windows box with no virus protection, using IE ... I know).