Like propain says, that is a age-old problem, usually with only a problem with open or rogue mailservers. While it its indeed easy to forge the from field, most servers out there, from public webmails to college and corporate servers, including hotmail, dont allow (checks or prevents it) you to forge it or at the very least does some sanity checking like if its from its own userpool.
I got one with the ganda virus from both '
[email protected]' and '
[email protected]' long ago, shortly after visiting the ut2k3league site. In all 2 mails from each address. 2 different mails, 1 posing as a screensaver with some swedish text trying to make it interesting, 1 just a autoexecuting exploit (for IE/outlook). All carrying the same payload virus attachment.
All that the headers indicate, if they are reliable, is that it originated somewhere in the Telia network. If they allow their users to use any fromfield content on their smtp servers, it could have been 1 of millions, but likely is just a infected host abusing the accounts of the user. What is unsual in this case is that it used swedish text for the luring, so it probably did come from the Telia network.
The bottom line is, this shit happens, and it is largely the case that the from and replyto fields are not that of the sender, more likely grabbed from address books/lists or just picked from the headers of mails in local folders, of the sending and very likely already infected system.
Best you can do is forward complete message with all headers to your isp and to the originating isp (see headers for that, even if possibly faked), with a subject like like "complaint: user email abuse / virus spam bot" and ask or politely demand that they do something about it.