As our colleague Jorge Mieres over at Kaspersky recently noted, cybercriminals appear to be using Amazon Web Services (AWS) to host quite a large volume of SpyEye Trojans and exploit kits. In fact, another colleague in my group, Ranieri Romera, recently collected approximately 22Mb of malware hosted on AWS for analysis and detection.
My advice is to avoid clicking any suspicious link either in an unsolicited email message or an apparently benign link embedded in a Web page hosted on AWS (e.g., zx1uporn.s3.amazon.com, et al.) until this problem is resolved. We recently saw about 30–50 various subdomains and specific URLs created on AWS that appear to harbor malicious content.
We reported this to Amazon Security folks but in the meantime, these malicious links are being blocked by the Trend Micro™ Smart Protection Network™.