FWSM is a firewall that has a connection based operation. All it sees are connections passing through. It's not possible to look into the payload since UltraSurf encrypts the traffic. Any SSL packet passing through the firewall can be a potential UltraSurf packet. But you can't just block all TCP 443 because many secure connections relay on this protocol.
There is nothing else the FWSM can do to block UltraSurf. Based on Cisco documentation, all it can do to try to block it is the use of ACLs.
In order to have an efficient action over UltraSurf you need advanced encrypted content engines analyzers (like an ACE module that can look into encrypted payload).