This may not be just a "scam," but could be a criminal activity. (Criminal is my term for it, and it may not be a legally defined term.)
Possibility I:
One of the most popular means of distributing junk email is to get a "bot" placed on an individual's machine. The bot connects surreptitiously to a site where a larger program can be downloaded and installed (usually hidden) on your computer without your knowledge. While you are unaware, the program uses your machine to send SPAM to the whole wide internet.
Estimates now are that 60% or so of all SPAM traffic is sent from "robot" machines taken over in this way.
Such downloaded/installed bot programs fairly often include keystroke loggers to capture your personal identification information, as when/if you type in your credit card number for a web purchase. In a few cases they've been know to search the machines on which they're installed for any passwords etc that you may have tucked away.
It is quite possible that the email that was forwarded was sent from your machine, using your email return address, without your knowledge.
Quite commonly, these programs will send to every address in your address book, so you might check with a few friends to see if they've received "strange" email from you. More often recently, the same program that sends the email (in your name) may be accessing lists of recipients elsewhere. They may not be particularly interested in the dozen or few dozen addresses you have when they have lists - bought and sold on the internet - of many thousands of "confirmed suckers" to mail to.
Possiblity II:
It's been fairly common recently for a scammer who manages to get your email address to send a "Re:" email, showing your email as the originating address, to make it appear that they are replying to something from you. This "fake" can be done quite simply as noted by earlier posts here. Quite often, these messages will claim that your bank, the IRS, Homeland Security, a lottery, a place where you have an account, or some other "legitimate" source "needs to have you confirm" something. A link is usually provided for you to click to find out what it's all about.
The link may take you to a site that looks exactly like the real site that it's pretending to be; but it will be a fake where you will simply be asked for personal information, or where the above mentioned "bot" or other malware can be downloaded to your machine.
In less common cases, the link may actually be to a real site that has been "hacked" to make it download the same kind of malware.
A "remove my name from your list" button may actually go do a download server that will give you a "thank you for your reply" while it downloads malware to youre machine.
(NEVER CLICK A "DO NOT SEND ME ANYMORE" link on anything from an unknown sender.)
Possibiity III:
As noted above, there are less nefarious ways for someone to fake an email address, so your experience isn't proof that your machine has been taken over; but to fake your address someone with low moral values has to know your address, which should cause you some concern.
There are, unfortunately, no really simple tests for which of the above may apply to your situation, or for being sure that some more innocent thing applies. Any recommendations will depend on "How paranoid do you want to be."
Also note that all of the above happen mostly to Windows machines, but neither Macs nor Linux machines are completely immune; and similar malware is reported for both.