actually this doesnt seem really as malicious as it could be. I dont see stealing any cookies.
It just posting to all your friends and when clicked it is forcing you to go to some site which is blocked as suspicious by my bluecoat proxy.
The script it asks to enter in URL links to http://banfish.info/config.js that sends facebook update (XMLHttpRequest()) to all your friends and adds a new script to current page
Message that goes to your friends
the script located as jclock.js (not available now) and locked.js redirects to
which injects an iframe that asks for survey which goes to
Even when you click the video it goes to http://whos.amung.us/ which collects stats. May be attacker wants to see how many idiots clicks it.
Luckily my bluecoat proxy blocks it as Suspicious.
Need to check out what is that go2cloud.org
Overall, it seems to be like prank.