Alright so the claim is that "hackers" are constantly scanning the internet in search for vulnerable systems and a few minutes is enough for the "hackers" to find it and infect it. There are more than 4.3 billion IPv4 addresses, assuming a probe takes like 10 seconds to identity the IP, it would take more than 1000 years to scan all of the internet. Even if you use a distributed botnet it would be like finding a needle in a haystack. Ok let's ignore that and assume they found the XP machine. Typical viruses and Trojans require the user to download and execute an infected file but this assumes unattended infection. Not saying it's impossible, as there are exploits that can open a back door but dedicating so much time and effort to hack an old machine that is not a high profile target seems unlikely.