basic advice:
when linked to software by someone you don't know over the internet, even when it seems legitimate, just google the software name and get there from the google link.
this prevents new/unknown/fake sites, and should cover 99% of the cases.
although very unlikely - even if the link seems legitimate from a website you know (e.g.
www.twoplustwo.com/something.exe), had the hacker successfully gained basic entry to the twoplustwo domain, he could plant a file on their servers without getting noticed/exposing the fake file on the site itself.