Luckily if for any reason you have downloaded Joomla from somewhere other that the official site you can do an MD5 check on the download and compare it with the master MD5 list at joomla.org
Phil Taylor today provides a helpful guide to checking the MD5 at his blog.
As Phil mentions many of us, including all my Debian friends, have long advocated the GPG signing of Joomla and it's extensions.
With GPG keysigning you can not only confirm that the file you are downloading is the "real deal" and has not been tampered with you can also create a circle of trust.
I should add that even if you are doownloading a file from a "trusted source" you should still check the MD5. I have seen a trusted source get hacked and it's master files modified without the site owners knowledge. Fortunately that site owner pubished the MD5 so it was quickly detected.