I just got another one too.
It's easy enough to fake a "from" address after the individual's address book has been harvested, or someone else's address book simply containing the address the mail is supposed to be from.

This is why, if you're the type to send out mass e-mails, you should send them to "BCC". If ANY one of the people on the list of addresses gets infected or hacked, ALL of the names/addresses will be collected.