I believe that your hunch is correct: one of the legitimate employers who viewed your resume on monster.com had a virus on his Windows machine. The virus promptly collected your email address and proceeded to either 1. transmit it to a spammer list server (collecting email addresses from harvester viruses), or 2. spammed your address.
In the case 1., there is nothing you can do, because the spammer machine is not the harvesting machine. In case 2, you can find the IP address of the harvester/sender in the Received fields, and with a bit of luck, you will find that this IP resolves to a domain name that matches one of the legitimate employers who emailed you.
You can then proceed to telling this prospective employer that he is a total looser and that his machine is a zombified piece of Microsoft crud, and that he couldn't recognize security if it hit his fat ass with a 2-by-4, and that...
... oh, wait, you're looking for a job, right?
See the problem with zombified Windows machines? You want to chew up their owner for being so clueless, but the owners have really done nothing wrong, so they have every reason to get upset if you give them the bitch-slap they so richly deserve.