While it is easy to just provide info on the generic name I think it would be "better" to provide info on how to check it yourself. I mean, what if you don't have NFS installed? Is the info still valid then? (Not) What if it is a name that cannot be traced to a package easily?.. Also because this is about the single most important part of Linux user authentication I think a more detailed response would be beneficial to those who need it.
1. Login as root and read the password entry: "getent passwd nfsnobody". This (and "man 5 passwd") gives you info about the account. Note that if the second field reads "x" you're using shadowed passwords (good). Note the third entry which is the UID. User "root" has "0", on regular boxes lesser-privileged users have an UID between 1 and 500 (see UID_MIN in /etc/login.defs) and unprivileged users have one over 500. Note the last entry wich should read "/sbin/nologin" which means it's login is disabled (if so, for this account: good).
2. Move on and read the shadow entry: "getent shadow nfsnobody". Note the second entry starts with an exclamation mark which means the account is locked (for more see "man 5 shadow").
3. Even if impossible given the account can't be used, you could still check if anyone tried to login using this account, a sign of someone trying to break in using "lastlog -u nfsnobody" (should read "Never logged in") and the commands "last" and "lastb". Finally "w" and "who" give info on who is logged in.
Finally there are some packages that can audit your auth data and more, the best choice would be "Tiger". Running it periodically from cron and mailing reports to whoever reads root account email helps you keep tabs on what happens on your system.