Could it just be a badly written search spider? The ad is simply an anchor tag around an image. If you didn't filter it out specifically, you would just "click" it to get to another page.
If FB is not smart enough to discern curl/wget/whatever_crawler_socket_call used from genuine in browser click then the argument is already won. Hell, you could write an army of Selenium Firefox/Chrome bots to drive up costs of ad competitors, randomise the host machines, etc... but it's still hard to believe that FB anti fraud measures can't figure it out.
To me, something is off, whether with FB or these guys.
When you build an advertisement network, you end up spending a bunch of time figuring out how to isolate these fake clicks and verify that they are not real. As an example, the IP addresses running the bots are going to be clicking "way too many ads to be a human".
