Two answers - "thin client" has the server piece, and the client piece.
The server piece is an "image" running on the server. IF the server somehow gets infected, it's possible the client image can be infected, however the chances are slim if the server is protected.
The client, at least in a virtual thin client world, runs in a virtual world. If the client gets infected, it's not really infected, only in memory. Their registry is virtual, their files are virtual, "reboot" the client, and all that is wiped from memory.
But the files the thin client saves can indeed be infected, documents, etc. - things they write into the real world, or while the client is active, it can infect.
Bottom line, you still need protection for the server, the client and the network.
Those who say you don't need protection for thin clients or virtual thin clients are kidding themselves.
There are bugs now that understand all computing worlds, and can actually infect the hosts of virtual clients and/or thin clients.
Now the statement "if the lan is infected the client is infected" isn't really quite so............. first, one must define what they mean by "lan infected". Do they mean the server OS? The files stored on servers? You can't really infect a LAN, but you can infect the resources on that network or LAN - the server OS, the files on the servers. Then said infected machines, servers or clients, can attempt to reach across and infect other resources.
"LAN" as such can't be infected, the parts can be. There can be an infected computer or server that is working THROUGH the LAN to attempt to infected other computers, but typically, thin clients are safer as they are more secure and locked down. Especially VM clients. But they still need to be protected because of the files they can save and create that can be infected, and while they are "running" they can try to infect other machines.