When WHOIS info is correct it can be a big help. I've done the same for phishing scams hosted in the US. The person on the receiving end is usually somewhat confused at first, but eventually gets it.

Most likely a server that was hacked, most people appreciate getting a call at that point to let them know that they are hosting something that is not entirely kosher.

Phone call or no, somehow I don't see anyone taking their sites offline in only 15 seconds without prior knowledge of what was going on.

That seems an awful lot more like a, "shit, someone's connected the dots" response. Especially if you're claiming ignorance about the domain name being called about. 15 seconds isn't even long enough to walk down the hall and ask someone about it.

I think the 15 second was just an expression to "very quickly"

Perhaps, but that doesn't change my impression of the story: phone call is made, and everything is shut off in a flash immediately afterwards.

Even if not a literal 15 seconds, the phrase doesn't seem to imply that there was a length of time where someone on that end might have been investigating the issue. It implies that someone flipped the switch to "off" the instant one was able to get within reach of the switch.

Good proof of concept, if its spreading like wildfire it means that... guess what... we got a good new medium to spread malware.