This particular thing, is more a spam issue than a virus issue, since the js file that it invokes, causes automatic message/chat/event sending, thus perpetuating the cycle.
As far as I can tell, there is not much more to it, but I don’t see why there wouldn’t be.
I think Facebook need to look into preventing the external posting etc…