The startling discovery was made by Finnish security vendor F-Secure Corp., a company thats being targeted in the elaborate scam.
In a notice posted online, director of anti-virus research at F-Secure Mikko Hypponen said unknown typosquatters operating out of Panama have registered more than 150 domain names with slight—almost unnoticeable—variations of the target URL.
For example, instead of the legitimate www.f-secure.com, the domains "www-f-secure.com" and "wwwf-secure.com" have been registered and set up to point to "nortpnantivirus.com," which is a misspelling of Symantec Corp.s Norton AntiVirus.
"These guys are fairly serious, looking at the amount of security-related domains theyve registered," Hypponen said, noting that several other high-profile anti-vendors like McAfee Inc., Panda Software Inc., Sendmail Inc. and BitDefender are also being targeted.
The list of misspelled domains registered by the scammers include f-secue.com, mesagelabs.com, mcafeeantiviru.com, bitdefneder.com, pestpatorl.com and centralcomand.com.
A Web surfer that accidentally mistypes a domain is greeted by a page of "Sponsored Links" populated with advertisements powered by the Google AdSense pay-per-click program.
In an interesting twist, the Google ads sometimes point back to a legitimate anti-virus virus vendor, meaning that companies are paying per-click fees to the scammers.
Earlier this year, Google Inc. was itself the target of a Russian typosquatter who registered the "googkle.com," domain and used the site to install Trojan droppers, downloaders, backdoors and spyware when an unsuspecting surfer mistyped the search giants domain name.
Google filed a complaint with the National Arbitration Forum and won the rights to several of the misspelled domain names.