According to examples, an apparatus may include machine-readable instructions that may cause the processor to determine that a first malware was detected on a first computing device and to determine whether a second malware was detected on a second computing device within a predefined period of time of when the first malware was detected on the first computing device, in which the first computing device and the second computing device are associated with a shared data storage that is remote from the first and second computing devices. The instructions may also cause the processor to, based on a determination that the second malware was detected within the predefined period of time, output a notification that the first malware was likely spread to the first computing device and/or that the second malware was likely spread to the second computing device through the shared data storage.