Network Address Translation (NAT) will allow the scan to pass through open ports. The fact that the firewall blocked the scan means that it did it's job, and you were in no danger.

A few years back, while bringing up a fresh NT 4 Server install, the server was compromised through a well known NT vulnerability before I could locate the Service Pack CD and install it. Less than two minutes. :-)    Had to format and start all over again.
This kind of stuff just happens, and will keep happening. About all anyone can do is to protect yourself as well as you can. There are freeware programs like SpyWareBlaster that harden your system quite well. Spybot S&D and SpyWareBlaster makes a pretty good one/two punch.

As far as why, I could only guess. They honestly might not be aware of it. Could be something that is integrated in Bondware.