This is done by redirect_guess_404_permalink(), which is called from redirect_canonical(). redirect_canonical() does more than just this: it makes sure you are always using a single canonical URL for an item, it will add slashes, force the same domain name, …
You can either unhook redirect_canoncial so it does nothing, or you can hook into it and prevent redirection when it is a 404:
// Disable redirect_canonical()
add_action( 'init', 'wpse18110_init' );
function wpse18110_init()
{
remove_action( 'template_redirect', 'redirect_canonical' );
}
// Only prevent redirect on 404
add_filter( 'redirect_canonical', 'wpse18110_redirect_canonical' );
function wpse18110_redirect_canonical( $redirect_url )
{
if ( is_404() ) {
return false;
}
return $redirect_url;
}