We proposed a worm detection and defense system named bot-honeynet in this paper, which combines the best features of honeynet, anomaly detection and botnet. The combination of honeynet and anomaly detection system offers a tradeoff between false positive and false negative rates. The control mechanism of botnet can help our system control all the honeypots in the bot-honeynet. Bot-honeynet is designed to not only detect worm attacks but also defend against malicious worms. Once malicious worms are detected, thousands of benign worms are released to counterattack them at the same time. We can conclude from simulation that P2P based benign worm is provided with high efficiency on defending against malicious worms and is better than traditional benign worm even if the release time is later. Thus, it saves more time for security researchers to prepare benign worms.