Enterprise networks are facing ever-increasing security threats from worms, port scans, DDoS, and network misuse, and thus effective monitoring approaches to quickly detect these activities are greatly needed. Firewall and intrusion detection systems (IDS) are the most common ways to detect these activities, but additional technology such as NetFlow can be a valuable enhancement. A worm (malicious codes) can disturb network and normal network operation. Internet worms are causes significant worldwide disruption, a huge number of infected hosts generate traffic, which will impact the performance of the internet. Therefore this is one of  the areas where researchers are concentrating to find effective detection system, which will presence the worms and reduce the worm’s spread. This paper deals with a classified study of most important and commonly used methods for detecting internet worms using Netflow.