It wasn't MS remote desktop? I don't remember if it was on by default but it wouldn't surprise me if it works on the outside ip as administrator and no password.I was starting a dedicated server for a game, installed XP SP2 fresh, and within 5-10 minutes a Messenger exploit just-happened out of nowhere (I didn't touch it beyond getting to post-setup desktop but it was internet-connected)
I only saw that happen once with Windows and I think it was before XP SP3, but it was interestingI also had a VNC Ubuntu desktop HTPC randomly get logged into and having a cursor move; I don't think I would have forwarded ports on router, but don't quite know how it was set-up for that to happen (I was watching TV and saw the mouse move, and walked up and disconnected its Ethernet)
Now I think about it, you had to check something in properties of This PC to allow that.