Sounds as if the relative's address book has indeed been compromised. Is this address book online? eg Hotmail or Googlemail The other two would probably be in that original address book or vice versa.
If that is the case I suggest that the account password is immediately changed to a more secure one. If the addresses have been harvested there's nothing you can do further as far as I am aware. They will already be in the hands of other spammers.
If the address book is located on their computer, either a Windows Address Book or similar, then that persons computer needs to be thoroughly checked for viruses and malware.