ipa.gov.newyork@usa.com is sending mail using our Synology mail server


This is scary and I don't know where it came from.

I have a problem sending emails: I get an error, SMTP error 452. When I searched for the meaning of this I found

"Too many recipients received this hour.."

So when I check our mail log in Synology I see this email address

ipa.gov.newyork@usa.com sending emails to different email addresses.

Is this a virus, or should I authenticate our SMTP settings?

By the way, I use the SMTP server of our ISP.

Lucas Juan

Posted 2013-10-24T06:56:54.973

Reputation: 69

Answers


Your question is hard to answer; it could be either a virus or a person being malicious!

Authenticate your settings. This is usually a must to help protect yourself from this situation...

If this continues, then you have a chance of being blacklisted, and getting removed is nearly impossible with some ISPs, which will seriously affect business communication.

As to who, how and what, that is different. I assume usa.com is not a domain name you own? Either way, if the email is not authenticated then either a person or a machine (virus) can perform this action quite easily. If it is authenticated then a virus or person can still perform this, but they require the password etc., which makes it somewhat more difficult.

I would review the emails it has sent out, and if any of those on the list are people you have a good relationship with, ask them if they received it and to have it forwarded on to you.

Dave

Posted 2013-10-24T06:56:54.973

Reputation: 24 199
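Reviewing what the server has sent, as Dave suggests, is easier with a script than by eye. The following Python script is an added example and is not part of the original post or of Synology's software. It groups Postfix-style mail-log lines by queue id (Synology Mail Server is built on Postfix, but the log lines here are constructed for the example, not copied from a real system) and flags every message that was submitted without SMTP authentication from outside the LAN, or whose sender domain is not one of yours. LOCAL_DOMAINS, LAN_NETS, the host names and all IP and email addresses are assumptions to adjust for your own site.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for the example: the domains you send as, and the networks
# from which unauthenticated submission is acceptable (your own LAN).
LOCAL_DOMAINS = {"example.com"}
LAN_NETS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8"),
            ip_network("127.0.0.0/8")]

# Constructed Postfix-style log excerpt (not a real log). Queue id 5E2D9A1B0C is a
# legitimate authenticated message; 7F3A1B2C3D is an unauthenticated relay from
# an outside address whose last recipient triggered the ISP's 452 limit.
SAMPLE_LOG = """\
Oct 24 06:50:01 nas postfix/smtpd[1201]: 5E2D9A1B0C: client=pc12.lan[192.168.1.20], sasl_method=LOGIN, sasl_username=lucas
Oct 24 06:50:01 nas postfix/qmgr[1100]: 5E2D9A1B0C: from=<lucas@example.com>, size=1830, nrcpt=1 (queue active)
Oct 24 06:50:02 nas postfix/smtp[1310]: 5E2D9A1B0C: to=<supplier@example.net>, relay=smtp.isp.example[192.0.2.10]:25, delay=0.8, status=sent (250 OK queued)
Oct 24 06:56:54 nas postfix/smtpd[1205]: 7F3A1B2C3D: client=unknown[203.0.113.45]
Oct 24 06:56:54 nas postfix/qmgr[1100]: 7F3A1B2C3D: from=<ipa.gov.newyork@usa.com>, size=2344, nrcpt=3 (queue active)
Oct 24 06:56:55 nas postfix/smtp[1311]: 7F3A1B2C3D: to=<a@example.org>, relay=smtp.isp.example[192.0.2.10]:25, delay=1.1, status=sent (250 OK queued)
Oct 24 06:56:55 nas postfix/smtp[1311]: 7F3A1B2C3D: to=<b@example.org>, relay=smtp.isp.example[192.0.2.10]:25, delay=1.2, status=sent (250 OK queued)
Oct 24 06:56:56 nas postfix/smtp[1311]: 7F3A1B2C3D: to=<c@example.org>, relay=smtp.isp.example[192.0.2.10]:25, delay=1.3, status=deferred (host smtp.isp.example[192.0.2.10] said: 452 4.5.3 Too many recipients received this hour)
"""

QID_RE = re.compile(r": ([0-9A-F]{6,}): (.*)$")
CLIENT_RE = re.compile(r"client=(\S+?)\[([0-9a-fA-F.:]+)\]")
SASL_RE = re.compile(r"sasl_username=(\S+)")
FROM_RE = re.compile(r"from=<([^>]*)>")
TO_RE = re.compile(r"to=<([^>]*)>.*status=(\w+)")


def parse_log(text):
    """Group log lines by Postfix queue id into one record per message."""
    records = defaultdict(lambda: {"sender": None, "client_ip": None,
                                   "sasl_user": None, "recipients": []})
    for line in text.splitlines():
        m = QID_RE.search(line)
        if not m:
            continue                      # not a per-message line
        rec = records[m.group(1)]
        rest = m.group(2)
        c = CLIENT_RE.search(rest)
        if c:
            rec["client_ip"] = c.group(2)
        s = SASL_RE.search(rest)
        if s:
            rec["sasl_user"] = s.group(1).rstrip(",")
        f = FROM_RE.search(rest)
        if f:
            rec["sender"] = f.group(1)
        t = TO_RE.search(rest)
        if t:
            rec["recipients"].append((t.group(1), t.group(2)))
    return dict(records)


def is_lan(ip):
    """True if ip parses and lies inside one of LAN_NETS."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)


def find_relay_abuse(records):
    """Flag messages that look like relay abuse and report why."""
    findings = []
    for qid, rec in records.items():
        reasons = []
        sender = rec["sender"]
        if sender:                        # from=<> is a bounce; skip the domain check
            domain = sender.rpartition("@")[2].lower()
            if domain not in LOCAL_DOMAINS:
                reasons.append(f"sender domain {domain} is not local")
        if rec["sasl_user"] is None and not is_lan(rec["client_ip"] or ""):
            reasons.append(f"unauthenticated submission from {rec['client_ip']}")
        if reasons:
            undelivered = sum(1 for _, st in rec["recipients"] if st != "sent")
            findings.append({"qid": qid, "sender": sender,
                             "client_ip": rec["client_ip"],
                             "recipients": len(rec["recipients"]),
                             "undelivered": undelivered, "reasons": reasons})
    return findings


def recipients_per_sender(records):
    """How many recipient deliveries each sender address attempted."""
    return Counter({rec["sender"]: len(rec["recipients"])
                    for rec in records.values() if rec["sender"]})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for f in find_relay_abuse(recs):
        print(f"{f['qid']} from={f['sender']} client={f['client_ip']} "
              f"rcpts={f['recipients']} undelivered={f['undelivered']}: "
              + "; ".join(f["reasons"]))
    print(recipients_per_sender(recs).most_common(5))
```

Run it against the real log (feed the file contents to parse_log instead of SAMPLE_LOG) and the client IP and the absence of sasl_username on the flagged queue ids tell you whether the relay was open to the Internet or whether an authenticated account's password has been taken; the recipient counts per sender show who burned the ISP's hourly quota.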


In my admittedly scarce experience of these scary events, the most likely explanation is that the agent abusing your mail server is a spammer. This jibes with the reply you had, "Too many recipients..."; anyone aiming at stealth would not flag his activity this way.

Once a mail server is known to be compromised, it is open to infiltration by just about anyone with adequate skills (in this case, given the lack of authentication, not much is required in terms of technical knowledge), but serious offenders tend to protect the resources they infiltrate by preventing others' abuses from alerting the local IT people. So, the most likely scenario is that you are being infiltrated by a spammer, and that's it.

At this point, your most pressing risk is that of blacklisting, as aptly noted by Dave Rook. The larger question that you should ask yourself now: besides my mail server, what else has been infiltrated? That will require a serious forensic effort.

MariusMatutiae

Posted 2013-10-24T06:56:54.973

Reputation: 41 321