Abstract: Email worms have recently become the most serious security threat on the internet. In this paper, a contact-tracing chain based framework (CTCBF) is proposed to detect this worm through tracing the contact behaviors among peers. This framework uses the contact tracing chain to trace abnormal peers which are screened out by isolated monitoring, and develops "difference entropy" to group peers with the same abnormal behaviors. Peers are confirmed with infectious symptoms when the length of contact tracing chain which they belong to reaches the preset threshold. Through numerical simulations, we demonstrate that the proposed contact tracing framework can quickly detect the propagation of Email Worm.