Almost all of the new viruses...like Klez, Sobig, MyDoom, etc... use email spoofing to disguise where they are being sent from. The purpose of this is to help trick you into opening the email as it will appear to be coming from a trusted website or friend.
If you're really curious about the gory details on how this works
you can do a Google search using the keywords virus email spoofing and it'll turn up all kinds of articles for you to read.
For the less curious, just practice safe computing. You just can't 'assume' anymore that just because an email appears to be from someone it definitely is. Use anti-virus software that scans your email, keep the definitions up to date. Don't assume that attachments that look like they are from someone you know are safe. Scan them before opening always. And if you do get an infected email from someone you know, keep in mind that it's very likely they didn't actually send it to you.