That screenshot of Fruitfly “victims” shows a lot of root accounts. How was the root account even activated as it is off by default on OS X, and activating it is non-trivial.
Up until last fall there was a means of accessing Root level with a Thunderbolt plug in device that bypassed passwords. A person with physical access to the computer need only plug in such an infected device and the payload could be uploaded and installed. As it mentions it is a simple load at startup file that is easily deleted if one knows where to find it in the System Library. . . however it does require physical access to the computer to plug in the Thunderbolt device. It takes just seconds to accomplish. Apple blocked this means of attack last year by pushing out a patch to all Macs that patched the firmware for the Thunderbolt hardware.
Incidentally, on a Mac, the “admin” account is not a “Root” account. It is one level below Root. . . also there is now a super level root account on all Macs instituted with the change added by Apple requiring a additional password even above the Root password for certain changes to the System to prevent even the Root user from doing damage to certain directories.