Heh. Not that I would ever defend him, but he probably didn't send it.
Here's how viruses started spreading so effectively:
Some unsuspecting soul installs the "virus" on his PC
The virus searches his computer high and low and compiles a list of e-mail addresses. Some viruses even attempt to guess which e-mail addresses might be related using various logic.
The virus then sends itself To: some address it found From: some other address it found - using the relation logic so that e-mails appear to be sent from someone the recipient knows.
The recipient says "Hey... I know that guy. I wonder what this is!" and starts the chain again.
The more effective viruses have been written to have little impact on infected computers - giving little to no sign of infection. The only way to identify infected PCs is to find the actual IP address the mail came from, contact the ISP that owns the IP address, and have them contact the user.
Some ISP's have started monitoring outbound port 25 traffic for unusual patterns - and a very few have installed outbound port 25 proxies that can read headers, quickly identify potential forgeries, and block outbound port 25 for infected users.