Nuclear enrichment facilities in Iran may have been hit by another malware attack, according to Finnish security company F-Secure.
Researcher Mikko Hyppönen claimed that emails sent to him by a scientist working at the Iranian Atomic Energy Organisation (AEOI) indicated the hacker tool Metasploit was used in the attacks.
The malware shut down an automation network at the Natanz and Fordo facilities together with key Siemens hardware previously targeted in malware attacks there, according to the emails.
The worm also randomly played Thunderstruck by Australian rock band AC/DC on full volume at midnight on the infected computers, the unidentified scientist claimed.
Hyppönen was skeptical of the claims but said the source was genuine.
"We can't confirm any of the details. However, we can confirm that the researcher was sending and receiving emails from within the AEOI," he said.
Iran's controversial nuclear enrichment program, which Western nations fear will be used to create atomic weapons, has previously been set back by the Stuxnet malware in 2010, now believed to have been written and disseminated by US and Israeli security agencies.
The malware subverts industrial systems and includes a rootkit that targets the programmable logic controllers in Siemiens supervisory control and data acquisition (SCADA) monitoring devices.
Hyppönen said on Twitter that he had heard nothing further about the alleged worm attack.
However, he confirmed the scientist quoted emailed him three times from the Iranian atomic energy organisation aeoi.org.ir domain, but has been quiet since.