owner of malicious files are root

Today, I saw /tmp directory in my server had some malicious files, so I will delete them all!

Which I had surprise before remove them, I saw permision owner of this files are 'root' , usually I saw permision of malicious files are 'nobody'

-rwxrwxrwx 1 root root 19242 Mar 18 21:18 r0nin*
-rw-r--r-- 1 root root 19242 Mar 18 21:18 r0nin.1
-rw-r--r-- 1 root root 1089 Feb 26 2001 udp.pl

my questions :
1. From where or what this hacker can change permission files from 'nobody' to 'root'?
2. Are this files more dangeous rather than 'nobody'' owner?

Thank you

 

 

 

 

Top