The invention discloses a method and a system for reviewing Botnet. The method comprises the steps of: continuously collecting flow data information on a network through a flow collecting sub-system and sending the flow data information to a flow information database to store, monitoring the network flow through a flow analyzing sub-system, taking out the feature of the Botnet from a Botnet database by a DNS correlation analysis sub-system, searching in the database accessed by DNS with the feature of the Botnet, finding if exist the Botnet accessing order and an access of a control server C&C Server domain name, and if yes, recording each IP address of the C&C Server domain name through the DNS correlation analysis sub-system. The method and system of the invention can find out Botnet and the host computer controlling the Botnet by analyzing and verifying the access request of DNS and the network flow feature, and can perform precautionary measures to the corresponding server and Botnet host computer like refusing service, close the server, and the like, so as to further ensure the safety of the network.