Why did my friends get spam from my email?

Recently I got an email with a subject like "Delivery Status Notification (Failure)". It had been initially sent to my friend's old email account. The content inside that failed email was obviously that of a spam email. I wonder if some viruses have infected my machine, but either Kaspersky or AVG (free version) is installed on my two PCs and a notebook, and it is doing fine.

My theory is that one of my friends' computers instead got some viruses and they generated such emails from a random email address to the rest of the hacked address book. Is this possible? What are your theories?

UPDATE: All the spam things have stopped since the day I posted this question. Now I wonder if my theory above is technically possible. If so, mine should not be the first and the case must be well-documented somewhere.


Solution 1:

You've hit the nail right on the head there. Many viruses send spam from an address in the address book of the infected machine. Sending messages from a known person is good to con people into opening the virus and infecting another machine. 'Oh look, Puri has sent me some pictures'. Also, using random users, rather than the email of the infected person, prevents the infected machine from being easily identified.

Solution 2:

Unless the sending mail server (e.g. the one operated by an ISP or webmail service) checks it, an email can be sent with the From: address set to any valid address.

A recipient has to check the routing (Received: from) information in the email header to see whether this source is likely. Some emails also have Received-SPF: and Authentication-Results: entries that may add to or detract from the credibility of the claimed origin.
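The header check described in the answer above can be scripted. The following is an added example, not part of the original answers: it compares the claimed From: domain with the Received:, Received-SPF: and Authentication-Results: headers of a constructed sample message. The function name `analyze`, the sample message, and all hosts and addresses in it are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample with reserved example hosts; Received: lines are newest-first.
SAMPLE = """\
Received: from mx-in.recipient.example (mx-in.recipient.example [192.0.2.5])
    by mail.recipient.example with ESMTP id abc123; Mon, 01 Jan 2024 10:00:02 +0000
Received: from dsl-host.other-isp.example (dsl-host.other-isp.example [198.51.100.77])
    by mx-in.recipient.example with SMTP id xyz789; Mon, 01 Jan 2024 10:00:00 +0000
Received-SPF: fail (mx-in.recipient.example: domain of puri@example.org
    does not designate 198.51.100.77 as permitted sender)
Authentication-Results: mx-in.recipient.example; spf=fail smtp.mailfrom=puri@example.org;
    dkim=none; dmarc=fail header.from=example.org
From: Puri <puri@example.org>
Subject: pictures

hello
"""

HOP_RE = re.compile(r"from (\S+) \((?:(\S+) )?\[([0-9a-fA-F.:]+)\]\)")

def analyze(raw):
    """Compare the claimed From: domain with routing and authentication headers."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)})
    spf = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           " ".join(msg.get("Authentication-Results", "").split())))
    findings = []
    if spf != "pass":
        findings.append(f"Received-SPF is '{spf}' for {from_domain}")
    if auth.get("dmarc") != "pass":
        findings.append(f"DMARC result is '{auth.get('dmarc', 'missing')}'")
    # Heuristic only: legitimate mail is often relayed by third-party hosts, and
    # only the hops added by your own servers can be trusted at all.
    origin = hops[-1] if hops else None
    if origin and not (origin["rdns"] or "").lower().endswith(from_domain):
        findings.append(f"oldest hop {origin['ip']} is not under {from_domain}")
    return {"from_domain": from_domain, "hops": hops, "spf": spf,
            "auth": auth, "findings": findings}

if __name__ == "__main__":
    print("\n".join(analyze(SAMPLE)["findings"]))
```
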

Solution 3:

Everything is possible, since virus writers have lately become quite creative.
I wouldn't discard the possibility that this is all happening inside your own computer, meaning that it's you that's infected. Run antivirus and adware scans on your computer and maybe use a couple of online virus scans supplied by some of the better-known companies (google "online antivirus scan").