In this paper we propose a worm detection method that detects Silent worms effectively in intranet and LANs. Most existing detection methods use aggressive activities of worms as a clue for detection and are ineffective against worms that propagate silently using a list of vulnerable hosts. To detect such worms, we propose Anomaly Connection Tree Method (ACTM). ACTM uses two features present to most worms. First is that the worms's propagation behaviour is expressed as tree-like structures composed of infection connections as edges. Second is that when selecting infection targets, the worm does not consider which hosts its infected host communicates to frequently. Then, by detecting composed of anomaly connections, ACTM detects the existence of worms. Through the simulation results, it has been shown that ACTM can detect the worms in an early stage of the propagation activities.