some real quick answers:
'refererLib.php' was the old naming of 'cg-referrer.php'. So long as the plugin is active, you don't need to add any includes to a wp template/theme file -- just add the php calls/tags to show recent referrers, or recent queries, etc. I generally avoid having people show referrer lists as that ATTRACTS referrer spamming. Showing recent queries is a bit safer...
cg-referrer uses a few internal lists (cg-blacklist.php), plus some logic checks. At the moment, it basically just drops 'bad' referring people on their ass. My new code I'm working on does a nicer job of things presenting a raw HTML page, and properly logs them into the database as well (thanks to drdave of Referrer-Karma fame for the heads-up I was missing those two steps).
It also does bot detection looking at the UserAgent information sent with the http request.
In my new code, 'rejects' will show up in the bots list, rather than the main list, for semi-obvious reasons.
At some point, I'd like to write a post-processor that can walk through the database and 'shift' entries into being noted as spam/blacklisted after the fact. I used to just flush my blacklisted stuff every now and again -- now I try to save things up longer so I can pick through them and add more intelligent stuff to the blacklists.
CG-AntiSpam uses the same cg-blacklist to check all provided URLs for bad/spam links. It also allows WP to do its own spam checking as well. However, I don't think I respect WP trying to whitelist something (as that happens outside my 'view' of things) necessarily -- if I see it as spam, and it sees it whitelisted, not sure who wins.... ;)
CG-Referrer will 'knock' anyone who sends a referrer string only -- so it will only stop commenters if they're really, really stupid. CG-AntiSpam was designed to filter comments (and trackbacks/etc.) themselves.
Spam-Karma and Referrer-Karma do a lot of similar things to CG-AntiSpam and CG-Referrer, if you want to look at other options -- drdave has done some great stuff I'd like to emulate... or, at some point, I might start trying to share techniques directly.
The cg-blacklist.php file currently only gets updated when you manually do so, or grab a new version from a new powerpack. I'm looking into a method for having some kind of auto-updating blacklist grabbed off my server -- but not as yet.