This particular thing, is more a spam issue than a virus issue, since the js file that it invokes, causes automatic message/chat/event sending, thus perpetuating the cycle.

As far as I can tell, there is not much more to it, but I don’t see why there wouldn’t be.

I think Facebook need to look into preventing the external posting etc…