If you perform a search for electrum on duckduckgo or yahoo, an ad claiming to be electrum.org will be at the top.
In reality the ad links to:
This site is nearly identical to electrum.org except the download links give different files. All three of the files that can be download are much smaller than the real electrum and are most likely malware.
The three files are:
electrum.exe – 91136 bytes
electrum.out – 60316 bytes
electrum.zip – 32478 bytes
When installing software, especially something as import as wallet software, it is a good idea to verify the integrity of the download with a signature using a key that was obtained from one or more seperate sources.
I made a list of the keys used to sign popular bitcoin wallets below to act as another source to verify the integrity of those keys.
Signer: Gavin Andresen email@example.com
Fingerprint: 01CD F462 7A3B 88AA E4A5 71C8 7588 242F BE38 D3A8
Key ID: BE38D3A8
Key Link: bitcoin.org/gavinandresen.asc
Signer: ThomasV firstname.lastname@example.org
Fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
Key ID: 7F9470E6
Signer: Jim Burton (multibit.org developer) email@example.com
Fingerprint: 299C 423C 672F 47F4 756A 6BA4 C197 2AED 79F7 C572
Key ID: 79F7C572
Signer: Alan C. Reiner (Offline Signing Key) firstname.lastname@example.org
Fingerprint: 821F 1229 36BD D565 366A C36A 4AB1 6AEA 9883 2223
Key ID: 98832223
The signatures provided for some of the wallets are signatures of the hash values, so be sure to verify that the hash of the downloaded file matches the hash that was signed.