I think you are confused. Like any web spider, it doesnt infiltrate firewalls...it's just hitting the web server. They are not spyware and not intrusive.
It appears to sit below a level that would be detectedby a spyware. It would only get triggered by someone clicking on an available link. So if that advertiser subscribes they can get a metric on where people come from. So spyware and AntiVirus would have been triggered before most people click the link to the ad.
It won't. Spiders and robots can be detected either by the user agent they identify themselves as or IP addresses they operate from among other ways, and webmasters can block them in a variety of ways. There are plenty of lists of these bots that webmasters can download to build an initial set of rules to block them. I'm sure Spyder will make it onto these lists fast enough.
But, most webmasters are too lazy to go to the trouble of doing it.