This used to be a more common problem, but as server security has increased hackers and spammers do look for easier targets. There are still web servers and online forms that hackers can compromise, and use to send out their spam, but usually this type of activity is easier to detect, and they get shut down very fast. However, recently hackers are using easier targets such as email accounts hijacked from people just like you.
ISP's have to stop it before it gets out. If they use rate limiters on outbound email, and password policies, they should not have these problems. And the ISP's that don't will usually end up on blacklists until they rectify the problem. Actually, some of the bigger ISP's are often the worst problems as they are too big to blacklist, and without that pressure they have little motivation to deal with this issue. By using MagicSpam, ISP's can protect their servers from further compromises and block existing outgoing spam.