How spammers work:
When you receive spam, sometimes it will say it came from you or someone you know.
There is a possibility that you have a virus, but only if you download suspicious files and
programs. If you are careful and keep your antivirus software up to date, then most likely
this is because the spammer either harvested your address (and a bunch of others) from the
internet, or purchased them from another source, such as a company you did business with
that sold your address.
There is a way to tell where the email really came from, but it involves looking at the
headers of the email, and the procedure for doing this depends upon your email
client. In Thunderbird you highlight the email by clicking on it and then press Ctrl+U. For
other clients you will need to research it, but the option is usually located in the View menu.
For example, my work email address has never been given out (that I am aware of).
However, if someone I sent an email to forwarded it to someone else without
deleting the forwarding information, that other person now has my email address. Somehow,
then, my address got published to some spammers. Here is an example of such an
email.
The fact that I don't know Vincent, and couldn't care less about rain in Kenya, tells me this
is spam. To make matters worse, the fact that it has an attachment tells me that it likely
contains a virus.
Opening the email shows that it came from mania104@<domain> (I blurred out the
domain because it is most likely not the perpetrator of this email, just an innocent
victim like myself).
So, now I choose to view headers or view source (depending upon your email client).
The things to note here are:
1. I have removed all references to my company and my email address, as well as
the domain of the innocent party that got spoofed for our protection (hence the
black marks).
2. I highlighted the actual culprit.
The highlight represents the IP address of the machine that sent the email. Now this too
could be an innocent victim. For instance, if a spammer hacked someone's email server
on the internet, they could send email from it posing as anyone they want. But at least it
is a starting point, and at the very least this person should be notified that they were the
victim of a hack. So now I take the IP address 41.191.229.166 and use a reverse lookup
tool called whois.
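As an added example (not part of the original post), here is a small Python script that does the header inspection described above automatically: it reads the Received headers of a constructed sample message, walks them from the hop added by your own mail server downward, and returns the first public address, which is the one to feed into whois. The hostnames, the 10.x internal relay and the forged bottom hop are all constructed; the address 41.191.229.166 is the one from the post.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not from the original post). Each relay prepends
# its own Received header, so the topmost one was added by the recipient's own
# server, and the ones below it were written by hosts that cannot be trusted.
SAMPLE_MESSAGE = """\
Received: from relay.example-corp.test (relay.example-corp.test [10.1.2.3])
\tby inbox.example-corp.test with ESMTP id a1b2c3; Mon, 3 Mar 2008 09:14:02 -0500
Received: from mania104.example.test (unknown [41.191.229.166])
\tby relay.example-corp.test with SMTP id d4e5f6; Mon, 3 Mar 2008 09:13:58 -0500
Received: from innocent.example.test ([192.0.2.44])
\tby mania104.example.test with SMTP id FORGED; Mon, 3 Mar 2008 09:13:50 -0500
From: Vincent <mania104@example.test>
To: someone@example-corp.test
Subject: Rain in Kenya

Body text.
"""

# Relays record the connecting host's address in square brackets; matching only
# the bracketed form avoids picking up numbers from hostnames, ids or dates.
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message):
    """Return the bracketed IPv4 address of each Received header, newest first
    (None for a header that records no address)."""
    msg = message_from_string(raw_message)
    hops = []
    for header in msg.get_all("Received", []):
        match = RECEIVED_IP.search(header)
        hops.append(match.group(1) if match else None)
    return hops


def originating_ip(raw_message):
    """Walk the hops from your own server downward and return the first public
    address: the host that handed the message to your infrastructure. Private
    addresses are your own internal relays. Headers below the first public hop
    were written by that host or its predecessors and may be forged, so they
    are never consulted."""
    for ip in received_hops(raw_message):
        if ip and ipaddress.ip_address(ip).is_global:
            return ip
    return None


if __name__ == "__main__":
    print(received_hops(SAMPLE_MESSAGE))
    print("look up with whois:", originating_ip(SAMPLE_MESSAGE))
```

On a Unix box the returned address can be passed straight to `whois 41.191.229.166`; the forged hop at the bottom of the sample is ignored because the walk stops at the first public address your own relay saw.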
If you are fortunate enough to have a Linux or Unix box handy you can (generally
speaking) use the command whois to do this lookup. But, since most people do not have
this privilege in life and are stuck at the altar of Gates, I'll use a web-based whois lookup
from http://whois.org/.
By default it does lookups by name rather than by IP address, so I have to go to the
bottom of the page and find the lookup by address.
I enter the address and click search.
Within a few seconds I have the hosting provider of the person responsible for this spam.
I used to contact the providers directly, sending them the email and asking them to terminate
the person's account and prosecute them as required under international law. Now,
however, I simply forward the email to spam@uce.gov and let the FBI handle it.