alt Hacker NewsProbably not many instances of code infecting that way, as most boxes running an OS that old should be well firewalled by now so the virus type infections will have died out.
You occasionally still see probes for Win95/98 era vulnerabilities though, presumably because there are a surprising amount of systems still running those versions and the cost of a probe in case one is accidentally open to the public network. Or as an attacker if you've already got into a private subnet, finding such hosts might be worth it as an extra place to put a reverse tunnel to aid getting back in later if your main route is closed off.
Metasploit has options to check for these systems and, given the appropriate checkbox, will happily support old Windows systems. So often you'll find support for these system even in modern malware - a tell (amongst many others) that Metasploit was used in their creation.