Google’s source repository is probably on some variant of Unix - perhaps Linux, perhaps something else. Most all serious s/w shops use some variant of Unix for their servers and their SCM repositories.
Here’s more information on the widespread source-code filching operation out of China:
http://www.wired.com/threatlevel/2010/01/google-hack-attack
The Windows machine penetrated most likely had a SCM client installed, so there was no need to penetrate the Linux/Unix/whatever machine that holds the SCM repository. If you penetrate an authorized client machine, you just invoke the client s/w and use scammed passwords to get in. You really don’t care what the other end of the SCM pipe is - or where it is.
There are known keystroke loggers on Windows XP that MSFT has yet to fix. There are many root kits for Windows you can buy off the shelf once you find a hole - and finding a hole in the Windows platform or third party s/w (in this case, Adobe’s s/w) on Windows isn’t difficult. The phrase “shooting fish in bucket with a shotgun” comes to mind.
Apache’s issue tracking site also got hit recently by a targeted XSS attack.
So you know the google machine was XP? Do you have a link to confirm that or is this just guess work?