Internet users looking for Halloween sites could be in for a nasty surprise, a security company has warned.

Users who mistype web addresses, getting them slightly wrong, run the risk of going to sites run by criminals and distributing viruses or spyware. These sites are deliberately registered with names similar to real sites, in order to catch people who mistype addresses.

According to computer security firm Websense, the practice, known as 'typo-squatting' or a 'typo-attack' is especially rife at Halloween. The company says it typed a common misspelling of 'halloween' into a search engine, which returned a site that tried to install a malicious program on the computer in question.

Users visiting unknown sites should immediately close any windows that pop up and are not related to the main site, and should never allow such sites to install programs on their PC. More advice is available from Websense's website about how to avoid being scammed by typo-squatters.